# Main package preamble. The listing appears to be a fragment: the gutter
# numbers skip lines, and the else/endif lines that pair with the
# conditionals below are not shown.
2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
8 URL: http://shibboleth.internet2.edu/
# NOTE(review): the source tarball is referenced by file name only; no
# signature or checksum file is listed among the lines visible here, so the
# tarball's integrity has to be verified outside this spec.
9 Source: %{name}-sp-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-%{version}-root
12 PreReq: xmltooling-schemas, opensaml-schemas
# The Xerces-C development package is named differently depending on
# suse_version (changelog 2.2-1: "Fixing SUSE Xerces dependency name").
13 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
14 PreReq: %{insserv_prereq} %{fillup_prereq}
15 BuildRequires: libXerces-c-devel >= 2.8.0
17 BuildRequires: libxerces-c-devel >= 2.8.0
19 BuildRequires: libxml-security-c-devel >= 1.4.0
20 BuildRequires: libxmltooling-devel >= 1.5
21 BuildRequires: libsaml-devel >= 2.5
# Logging library: log4cpp only when the build is run with that switch,
# otherwise log4shib.
22 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
23 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
# RHEL/CentOS 6 and later: require the separately packaged libcurl-openssl at
# run time, and chrpath at build time so the install step can delete the rpath
# embedded in the binaries (see the chrpath -d calls in the install section).
# NOTE(review): this libcurl replaces the OS-supplied one for shibd, so it
# presumably does not get fixes through the distribution's own libcurl
# updates -- confirm how it is patched and track its advisories separately.
24 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
25 Requires: libcurl-openssl >= 7.21.7
26 BuildRequires: chrpath
28 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
29 %{!?_without_doxygen:BuildRequires: doxygen}
30 %{!?_without_odbc:BuildRequires:unixODBC-devel}
31 %{?_with_fastcgi:BuildRequires: fcgi-devel}
# Red Hat scriptlet dependencies: shadow-utils supplies the groupadd/useradd
# used by the pre-install scriptlet; chkconfig registers and unregisters the
# shibd init script.
32 %if "%{_vendor}" == "redhat"
33 %{!?_without_builtinapache:BuildRequires: httpd-devel}
34 BuildRequires: redhat-rpm-config
35 Requires(pre): shadow-utils
36 Requires(post): chkconfig
37 Requires(preun): chkconfig, initscripts
# SUSE equivalents of the above.
39 %if "%{_vendor}" == "suse"
40 Requires(pre): pwdutils
41 %{!?_without_builtinapache:BuildRequires: apache2-devel}
# Documentation directory: unversioned on SUSE, name-version otherwise.
45 %if "%{_vendor}" == "suse"
46 %define pkgdocdir %{_docdir}/%{name}
48 %define pkgdocdir %{_docdir}/%{name}-%{version}
52 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
53 that supports multiple protocols, federated identity, and the extensible
54 exchange of rich attributes subject to privacy controls.
56 This package contains the Shibboleth Service Provider runtime libraries,
57 daemon, default plugins, and Apache module(s).
# Development subpackage preamble (its package header line is not shown in
# this listing). It is pinned to the exact version-release of the main
# package and requires the same -devel libraries the build itself uses.
60 Summary: Shibboleth Development Headers
61 Group: Development/Libraries/C and C++
62 Requires: %{name} = %{version}-%{release}
# Same suse_version-dependent Xerces-C package naming as the build requirements.
63 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
64 Requires: libXerces-c-devel >= 2.8.0
66 Requires: libxerces-c-devel >= 2.8.0
68 Requires: libxml-security-c-devel >= 1.4.0
69 Requires: libxmltooling-devel >= 1.5
70 Requires: libsaml-devel >= 2.5
71 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
72 %{!?_with_log4cpp:Requires: liblog4shib-devel}
75 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
76 that supports multiple protocols, federated identity, and the extensible
77 exchange of rich attributes subject to privacy controls.
79 This package includes files needed for development with Shibboleth.
# Build: optional features are switched by the rpmbuild with/without macros
# (ODBC, ADFS, FastCGI, memcached) plus any extra options in shib_options.
85 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
86 %{__make} pkgdocdir=%{pkgdocdir}
# Install into the build root. NOKEYGEN=1 presumably stops the install target
# from generating the SP key pair at build time, so that no private key is
# shipped inside the package -- confirm against the Makefile. The post-install
# scriptlet runs keygen.sh on the target host instead.
89 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
# SUSE: rewrite the Apache log directory in native.logger from /var/log/httpd
# to /var/log/apache2.
91 %if "%{_vendor}" == "suse"
92 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
93 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
96 # Plug the SP into the built-in Apache on a recognized system.
# Choose the config template for whichever Apache module was built. The tests
# run in order and each assigns APACHE_CONFIG, so the last match wins. (The
# initial assignment and the closing fi lines are not shown in this listing.)
99 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then
100 APACHE_CONFIG="apache.config"
102 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then
103 APACHE_CONFIG="apache2.config"
105 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
106 APACHE_CONFIG="apache22.config"
# Building with the without-builtinapache switch forces "no".
108 %{?_without_builtinapache:APACHE_CONFIG="no"}
109 if [ "$APACHE_CONFIG" != "no" ] ; then
# NOTE(review): these two tests look at the build host's own configuration
# directory (no build-root prefix), so whether shib.conf is packaged, and
# where, depends on what is installed on the machine doing the build.
111 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
112 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
114 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
115 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
# Copy the chosen template into the build root as shib.conf and add it to the
# generated file list as a noreplace config file, so local edits are kept on
# upgrade.
117 if [ "$APACHE_CONFD" != "no" ] ; then
118 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
119 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
120 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
124 # Establish location of sysconfig file, if any.
# Red Hat: the sysconfig directory, listed as a noreplace config file.
# SUSE: a fillup template; the SUSE post-install scriptlet calls fillup_only
# to populate sysconfig/shibd from it.
126 %if "%{_vendor}" == "redhat"
127 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
128 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
129 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
131 %if "%{_vendor}" == "suse"
132 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
133 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
134 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
# The generated file carries the init script customizations: the account shibd
# runs as (the runuser macro) and, on RHEL/CentOS 6 and later, an exported
# LD_LIBRARY_PATH pointing at /opt/shibboleth so that the OS-supplied libcurl
# is overridden. The chrpath -d calls that follow remove the rpath embedded in
# shibd, mdquery and resolvertest.
# NOTE(review): an exported LD_LIBRARY_PATH is inherited by every process
# started from that environment and is searched before the system library
# directories. The /opt/shibboleth library directory and its parents should be
# root-owned and not writable by the service account -- verify on the target.
# The heredoc terminator lines are not shown in this listing; the text between
# the cat commands and those terminators is file content, not spec comments.
136 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
137 # Populate the sysconfig file.
138 cat > $SYSCONFIG_SHIBD <<EOF
139 # Shibboleth SP init script customization
141 # User account for shibd
142 SHIBD_USER=%{runuser}
144 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
145 cat >> $SYSCONFIG_SHIBD <<EOF
147 # Override OS-supplied libcurl
148 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
150 # Strip existing rpath to libcurl.
151 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
152 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
153 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
# Red Hat and SUSE: install the vendor-specific init script (shibd-redhat or
# shibd-suse, taken from the package's config directory in the build root) as
# the shibd service script, mode 0755.
157 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
158 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
159 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
160 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
# SUSE only: rcshibd symlink in sbindir pointing at the init script.
161 %if "%{_vendor}" == "suse"
162 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
163 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
# Clean step: the guard skips the recursive delete when the build root is "/".
171 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
# Pre-install: create the daemon's group and account only if they do not
# exist yet. Both are system entries (-r); the account has /sbin/nologin as
# its shell and the package's run directory as its home.
174 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
175 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
176 -d %{_localstatedir}/run/%{name} -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
# Post-install scriptlet body (its section header is not shown in this
# listing, and neither are several else/fi/endif lines).
180 %ifnos solaris2.8 solaris2.9 solaris2.10
# In the package's config directory: when sp-key.pem already exists, give the
# key and certificate to the service account; keygen.sh is run with that
# account as owner user and group (-u/-g). In the original spec the two are
# presumably the branches of an if/else. The -b flag is presumably batch
# mode -- confirm in keygen.sh.
# NOTE(review): chown failures are discarded (stderr dropped, "|| :"), and
# nothing here sets or checks the mode of the private key; presumably
# keygen.sh creates it with restrictive permissions -- confirm.
184 # Key generation or ownership fix
185 cd %{_sysconfdir}/%{name}
186 if [ -f sp-key.pem ] ; then
187 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
189 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
# NOTE(review): this chown runs as root over a glob inside a directory that
# the file list assigns to the service account (mode 0750). chown follows
# symbolic links by default, so consider chown -h (no dereference), or
# limiting the change to regular files, so that root only re-owns the log
# files themselves.
192 # Fix ownership of log files (even on new installs, if they're left from an older one).
193 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/%{name}/* 2>/dev/null || :
195 %if "%{_vendor}" == "redhat"
196 if [ "$1" -gt "1" ] ; then
197 # On Red Hat with shib.conf installed, clean up old Alias commands
198 # by pointing them at new version-independent /usr/share/shibboleth tree.
199 # Any Aliases we didn't create we assume are custom files.
200 # This is to accommodate making shib.conf a noreplace config file.
201 # We can't do this for SUSE, because they disallow changes to
202 # packaged files in scriptlets.
# The two sed commands rewrite paths under /usr/share/doc/shibboleth (with an
# optional "-suffix") for main.css and logo.jpg to /usr/share/shibboleth. Their
# continuation lines, which name the file being edited, are not shown here.
204 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
205 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
207 if [ "$APACHE_CONF" != "no" ] ; then
208 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
210 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
215 # This adds the proper /etc/rc*.d links for the script
216 /sbin/chkconfig --add shibd
218 # On upgrade, restart components if they're already running.
219 # This gets repeated now down in %postun, and the next release
220 # should remove this copy. If we yank it now, we'll break upgrades.
# $1 greater than 1 means more than one instance of the package is installed
# at this point, i.e. an upgrade. Each restart runs only if the status check
# succeeds.
221 if [ "$1" -gt "1" ] ; then
222 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
223 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
227 %if "%{_vendor}" == "suse"
228 # This adds the proper /etc/rc*.d links for the script
229 # and populates the sysconfig/shibd file.
231 %{fillup_only -n shibd}
232 %insserv_force_if_yast shibd
# Pre-uninstall, post-uninstall and post-transaction scriptlet bodies (their
# section headers are not shown in this listing). In these scriptlets $1 is
# the number of instances of the package that remain after the operation.
236 # On final removal, stop shibd and remove service, restart Apache if running.
237 %if "%{_vendor}" == "redhat"
# $1 equal to 0: the last instance is being removed.
238 if [ "$1" -eq 0 ] ; then
239 /sbin/service shibd stop >/dev/null 2>&1
240 /sbin/chkconfig --del shibd
241 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
244 %if "%{_vendor}" == "suse"
245 %stop_on_removal shibd
246 if [ "$1" -eq 0 ] ; then
247 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
253 %ifnos solaris2.8 solaris2.9 solaris2.10
256 %if "%{_vendor}" == "redhat"
257 # On upgrade, restart components if they're already running.
# $1 of at least 1: another instance stays installed, so this is an upgrade.
258 if [ "$1" -ge "1" ] ; then
259 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
260 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
264 %if "%{_vendor}" == "suse"
266 %restart_on_update shibd
267 %{!?_without_builtinapache:%restart_on_update apache2}
272 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
# If the init script is missing, restore it from the vendor-specific copy kept
# in the package's config directory, set mode 755 and register the service
# again.
273 %if "%{_vendor}" == "redhat"
274 if [ ! -f %{_initrddir}/shibd ] ; then
275 if [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
276 %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
277 %{__chmod} 755 %{_initrddir}/shibd
278 /sbin/chkconfig --add shibd
# File list for the main package: the entries below plus those the install
# step appended to rpm.filelist (shib.conf and the sysconfig file). Unless an
# entry says otherwise, files are owned by root:root.
283 %files -f rpm.filelist
284 %defattr(-,root,root,-)
287 %{_bindir}/resolvertest
288 %{_libdir}/libshibsp.so.*
289 %{_libdir}/libshibsp-lite.so.*
290 %dir %{_libdir}/%{name}
292 %exclude %{_libdir}/%{name}/*.la
# Log directory: owned by the service account, mode 0750, so not readable by
# other users (changelog 2.4.3-1: "Log files shouldn't be world readable").
# Run directory: owned by the service account, mode 0755.
# NOTE(review): the run directory is readable and searchable by everyone, so
# access to whatever shibd creates in it depends on each object's own
# permissions -- confirm that is intended.
293 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
294 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
295 %dir %{_datadir}/xml/%{name}
296 %{_datadir}/xml/%{name}/*
297 %dir %{_datadir}/%{name}
298 %{_datadir}/%{name}/*
# Configuration directory stays root-owned; the XML, HTML and logger files in
# it are noreplace, so locally edited copies are kept on upgrade.
299 %dir %{_sysconfdir}/%{name}
300 %config(noreplace) %{_sysconfdir}/%{name}/*.xml
301 %config(noreplace) %{_sysconfdir}/%{name}/*.html
302 %config(noreplace) %{_sysconfdir}/%{name}/*.logger
303 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
304 %config %{_initrddir}/shibd
306 %if "%{_vendor}" == "suse"
309 %{_sysconfdir}/%{name}/*.dist
310 %{_sysconfdir}/%{name}/apache*.config
311 %{_sysconfdir}/%{name}/shibd-*
# Helper scripts are root-owned and mode 0755; keygen.sh is the script the
# post-install scriptlet runs.
312 %attr(0755,root,root) %{_sysconfdir}/%{name}/keygen.sh
313 %attr(0755,root,root) %{_sysconfdir}/%{name}/metagen.sh
314 %{_sysconfdir}/%{name}/*.xsl
316 %exclude %{pkgdocdir}/api
# The remaining entries presumably belong to the development subpackage (its
# file-list header is not shown): unversioned library links and the API
# documentation excluded above.
319 %defattr(-,root,root,-)
321 %{_libdir}/libshibsp.so
322 %{_libdir}/libshibsp-lite.so
323 %doc %{pkgdocdir}/api
326 * Wed Dec 14 2011 Scott Cantor <cantor.2@osu.edu> - 2.5-1
327 - Move logo and stylesheet to version-independent tree
328 - Make shib.conf noreplace
329 - Post-fixup of Alias commands in older shib.conf
330 - Changes to run shibd as non-root shibboleth user
331 - Move init customizations to /etc/sysconfig/shibd
332 - Copy shibd restart for Red Hat to postun
333 - Add boost-devel dependency
335 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
336 - Log files shouldn't be world readable.
337 - Explicit requirement for libcurl-openssl on RHEL6
338 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
339 - Remove rpath from binaries for RHEL6
341 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
342 - Update dependencies.
344 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
345 - Reset revision for 2.3.1 release
347 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
348 - SuSE init script changes
349 - Restart Apache on removal, not just upgrade
350 - Fix scriptlet exit values when Apache is stopped
352 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
353 - Doc handling changes
356 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
357 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
359 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
360 - Add additional cleanup to posttrans fix
362 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
363 - Reverse without_builtinapache macro test
364 - Fix init script handling on Red Hat to handle upgrades
366 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
367 - Bump minor version.
368 - Make keygen.sh executable.
369 - Fixing SUSE Xerces dependency name.
370 - Optionally package shib.conf.
372 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
373 - Change shib.conf handling to treat as config file.
375 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
378 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
379 - Release candidate 1.
381 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
382 - libexec -> lib/shibboleth changes
383 - Added doc subpackage
385 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
388 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
389 - Second alpha release.
391 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
392 - First alpha release.
394 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
395 - Applied fix for secadv 20061002
396 - Fix for metadata loader loop
398 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
399 - Applied fix for sec 20060615
401 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
402 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
404 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
405 - Applied new fix for secadv 20060109
407 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
408 - Applied new fix for secadv 20050901 plus rollup
410 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
411 - Minor patches and default config changes
413 - Fix shib.conf creation
414 - Integrated init.d script
415 - Prevent replacement of config files
417 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
418 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
420 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
421 - Updated test programs and location of schemas.
422 - move siterefresh to sbindir
424 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
425 - Add selinux-targeted-policy package
426 - move shar to sbindir
428 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
429 - Create SPEC file based on various versions in existence.